Category Archives: WordPress

Disable the Plugin and Theme Editor on WordPress

To disable only the file editor (but allow for plugins and themes installation), simply add this line to your wp-config.php file (above the “ABSPATH” otherwise it won’t work): define(‘DISALLOW_FILE_EDIT’, true);define(‘DISALLOW_FILE_EDIT’, true);

Disable Plugin and Theme Update and Installation on WordPress

Prevents users from being able to update or install plugins and themes, plus removes the “Editor” menu so users can’t edit files. Add this line to your wp-config.php file (above the “ABSPATH” otherwise it won’t work): define(‘DISALLOW_FILE_MODS’, true);define(‘DISALLOW_FILE_MODS’, true); To allow plugins and themes installation and updates but disable only the file editor, use this: […]

Change Siteurl with MySQL Queries on WordPress

To change the siteurl of your WordPress site, use these SQL queries: UPDATE wp_options SET option_value = replace(option_value, ‘’, ‘’) WHERE option_name = ‘home’ OR option_name = ‘siteurl’; UPDATE wp_posts SET guid = replace(guid, ‘’, ‘’); UPDATE wp_posts SET post_content = replace(post_content, ‘’, ‘’); UPDATE wp_postmeta SET meta_value = replace(meta_value, ‘’, ‘’);UPDATE wp_options SET option_value […]

Disable XML-RPC in WordPress

WordPress uses XML-RPC to remotely execute functions. For example, Jetpack and the WordPress mobile application use xmlrpc to remotely manage a WP site. However, also attackers try to exploit the xmlrpc.php file for bruteforce attacks. These attacks result in exhaustion of system resources causing services like PHP-FPM and MySQL to be unresponsive and as a […]

Remove WordPress Emojis

If you do not plan to use the emoticons and emojis in your blog you can easily disable them by adding these lines to your functions.php file: remove_action( ‘wp_head’, ‘print_emoji_detection_script’, 7 ); remove_action( ‘admin_print_scripts’, ‘print_emoji_detection_script’ );remove_action( ‘wp_head’, ‘print_emoji_detection_script’, 7 ); remove_action( ‘admin_print_scripts’, ‘print_emoji_detection_script’ ); This would also speed up your website load time.

Remove WordPress Admin Bar

Edit your functions.php file and add: add_filter(‘show_admin_bar’, ‘__return_false’);add_filter(‘show_admin_bar’, ‘__return_false’);

Disable File Editing inside WordPress

We highly recommend to disable file editing via WordPress dashboard. A malicious user may edit a PHP file of your theme and add malware code to infect your visitors. Or you can accidentally edit a PHP file and screw up your website layout. To disable file editing inside WordPress add this to your wp-config.php file […]

Stop WordPress from Guessing URLs

WordPress can guess URLs if they do not exist. For example, if user visits and the page does not exists, WordPress tries to find posts that contain “abc” string in the permalink. Personally I don’t like this behaviour so I prefer to stop WordPress from guessing URLs. Add this to your functions.php file: add_filter(‘redirect_canonical’, […]

Disallow Indexing of WordPress scripts

Prevent search engines, such as Google, to index PHP scripts of your installed plugins and themes. Prevent indexing of scripts located in other WordPress directories (i.e. /wp-includes/ and /wp-admin/). To disable indexing of WordPress scripts just add this on robots.txt file: User-agent: * Disallow: /wp-admin/ Disallow: /wp-includes/ Disallow: /wp-content/plugins/ Disallow: /wp-content/themes/ Disallow: /feed/ Disallow: */feed/User-agent: […]

Change WordPress Post Auto-Save Interval

By default WordPress post auto-save intervals is set to 60 seconds, you can increase this value to 2 minutes (120 seconds). Just edit your wp-config.php file and add this line (above the “ABSPATH” otherwise it won’t work): define( ‘AUTOSAVE_INTERVAL’, 120 );define( ‘AUTOSAVE_INTERVAL’, 120 );